Path: news.mathworks.com!newsfeed-00.mathworks.com!newsfeed2.dallas1.level3.net!news.level3.com!postnews.google.com!news2.google.com!npeer01.iad.highwinds-media.com!news.highwinds-media.com!feed-me.highwinds-media.com!post01.iad.highwinds-media.com!newsfe09.iad.POSTED!7564ea0f!not-for-mail
From: Doug Schwarz <see@sig.for.address.edu>
Newsgroups: comp.soft-sys.matlab
Subject: Re: Official rules for the FEX
References: <hgihbj$3k$1@fred.mathworks.com> <hgitds$5i8$1@fred.mathworks.com> <see-0EF830.20343919122009@news.frontiernet.net> <hglhd7$e6g$1@fred.mathworks.com>
MIME-Version: 1.0
Content-Type: text/plain; charset=ISO-8859-1
Content-Transfer-Encoding: 8bit
User-Agent: MT-NewsWatcher/3.5.2 (Intel Mac OS X)
Message-ID: <see-CFD74C.16101920122009@news.frontiernet.net>
Lines: 65
X-Complaints-To: abuse-news@frontiernet.net
NNTP-Posting-Date: Sun, 20 Dec 2009 21:10:18 UTC
Organization: Frontier
Date: Sun, 20 Dec 2009 16:10:19 -0500
Xref: news.mathworks.com comp.soft-sys.matlab:593999

In article <hglhd7$e6g$1@fred.mathworks.com>,
 "Jan Simon" <matlab.THIS_YEAR@nMINUSsimon.de> wrote:

> Dear Doug!
> 
> > I hope you realize that TMW does not want 
> > to be held liable in case someone were to upload a malicious MEX 
> > function (with false source code, perhaps).  I think the ban on MEX and 
> > p-code is completely justified.
> 
> Thanks Doug! I do not dissent. Is this your opinion or do you cite TMW?

Hi Jan,

I don't think I have ever read any specific reason from TMW, but it's 
the most likely reason (in my opinion).


> If TMW could be held reliable for uploaded MEX files, couldn't they be held 
> reliable for uploaded links to malicious MEX also?!
> What about malicious M-functions or obfuscated C-source with unpredictable 
> results? The BSD license claims, that the downloaders run all functions on 
> their own risk. Isn't this a suffcient protection for TMW?

I don't know as I am not a lawyer, but since almost the whole Internet 
is linked in some way I think it would be difficult to hold TMW liable 
for code that was found on another web site.  I'm thinking that the link 
on mathworks.com would be to a page which contained download links to 
binaries, not direct links to binaries.  That way it would be clear to 
users that they had left mathworks.com.

Of course, it is possible to have a malicious m-file, but as long as you 
can examine that code you can figure out where to place the blame in 
case something undesirable happens.

It might be that the BSD license protects TMW.  In spite of that 
protection, I would guess that TMW simply wants to enable code sharing 
while minimizing (but not eliminating) the possibility of distributing 
malware.  Again, this is just my interpretation of what I have read here.


> I realize that publishing compiled MEX might interfere with some wants of 
> TMW. I have no doubt that TMW has good reasons. But I cannot find clear 
> statements -- except for "Compiled files must be accompanied by their 
> source.", which is the opposite of what they accept in reality.

This whole file sharing concept goes way back to when TMW maintained an 
anonymous ftp site and the thought of malware was more remote and 
anything was acceptable.  Gradually, we have been brought into the 
modern age and we are all less naïve about malware so it's not 
surprising that you can find mixed policy statements.  The only people 
who must know the policy are the MathWorkers who decide whether a 
submission is accepted since they have final say on the matter.  For the 
rest of us it's merely a courtesy to inform us of the policy so we don't 
waste our time.  I tend to apply common sense -- no binaries and no 
competing products make sense to me.

Mit freundlichen Grüßen,

Doug

-- 
Doug Schwarz
dmschwarz&ieee,org
Make obvious changes to get real email address.